Sunday, September 18, 2011

The Flash Cookie Solution

I'm tired of every single Flash object on the internet adding Flash cookies to my hard drive that can't really be controlled in any way by my browser. It's a huge privacy concern, since they tend to use them to track you from one video to the next. I have BetterPrivacy installed, so at least I get notified when they get shitted onto my hard drive, and I can go clean them up; but it gets annoying scrolling through, say, FailBlog on Google Reader and having to delete their Flash cookies every 5 seconds.

Flash has a preference to disallow third party Flash cookies, which is exactly what the doctor ordered. The only problem: Flash objects can detect that you have third-party cookies disallowed. Thus, disallowing them is pointless because everything will refuse to work without them enabled.

What Flash needs is a "cookie box". When a Flash object creates a new cookie, it would go into the box, which would occupy space in your computer's RAM. Flash would then pop up a notification informing you of this and giving you some options. One would be to make it session only (this would be the default if you disable the notification), so that when Flash is uninitialized (i.e. you change pages) the cookie will be automatically deleted. Another would be to allow it to be stored on the hard drive.

While a Flash cookie gets placed in the box, as far as the Flash object that placed it there is concerned, it would act like any other Flash cookie. However, each Flash object would have a randomly generated UID that gets automatically assigned to the cookies it places in the box, and Flash would only let the object read/write to the cookie with that UID. This UID would be generated when Flash is instanced, and would thus be different for each Flash object on the page in the case of multiple Flash objects being embedded in the same page. This would prevent one Flash object from reading the values set by another unless the cookie is allowed, at which point the UID would be erased and it would be stored on the hard drive, where it would have full permissions.

Furthermore, it needs some way of seeing what values are stored in a Flash cookie so the user can determine what's being tracked. Have this information presented in a read-only fashion to prevent save hacking on Flash games (which you can do anyway with a hex editor...)

Also, there would be the option to whitelist cookies from a specific domain, for instance, Newgrounds. So that all your game saves automatically get stored to the hard drive. Whitelists are more secure than blacklists, only n00bs want blacklists (i.e. anyone who uses YesScript instead of NoScript is a n00b)

Local Flash objects (for instance, the game Machinarium, which is written in Flash/ActionScript and thus its save files are Flash cookies) would be given full permissions and would bypass the box.

The main Flash settings.sol would be tweaked so it no longer contains a list of all sites that Flash has loaded on that any site that uses Flash can access. Browsing habit tracking is already in Flash, no need for any external influence!

Writing third-party Flash cookies would be completely disallowed as well. Flash objects would only be allowed to set cookies for the domain the Flash object is loaded from. So if I embed a YouTube video on my blog, the YouTube player would only be allowed to set cookies for http://xt-8147.blogspot.com/. Reading Flash cookies would be limited to one of two possible secure cases: The URL the Flash object is embedded on, and the URL the Flash object actually exists on. This would mean that any YouTube video I embed here would be allowed to read cookies for http://xt-8147.blogspot.com/ and http://s.ytimg.com/. This would allow their player to hierarchically prefer the volume cookie set on an external site that their player is embedded on over the one for their site, for instance. It would also let the user manually specify this preference. Flash embedded on a secure page (HTTPS) would be limited to reading and writing cookies set only from the secure site, and unsecure (HTTP) sites wouldn't even know the cookies for secure sites exist.

At any time, the user should be able to pull up a dialog within Flash that will show the cookies stored both in the box and on their hard drive, and this dialog would allow the user to delete any cookie.

Last but not least, Flash objects should no longer be allowed to set cookies when the object is deinitialized. I've had to delete so many Flash tracking cookies that got placed when I navigated away from a page with a Flash object.

All of this needs to be implemented in a way that isn't detectable or preventable by Flash objects. This is designed to let the code that places the tracking cookies think everything is working their way when in fact the user isn't being tracked at all because the cookie gets deleted when they navigate away, and if they can detect or work around the system, it's pointless. This system, if implemented as designed, would put the user in control of how information about their browsing habits, even when "anonymously" gathered, is used.